we plan to use EAP-FAST for the authentification of client devices but would like to increase the security by using PKI-Server Certificates for the ACS Radius Server. Do you know if that is possible ? Or do we need PEAP for Radius Server Certificate validation ?
As far a i know EAP-FAST will not support server side certificates. EAP-FAST was developed to address the deficiencies in LEAP and one of the key design requirements was that it did not use certificates which made it relatively easy to deploy.
If you want server validation with certificates then PEAP is the way to go.
Under FAST settings, it is possible to specify Validate Server Certificate, which permits the client to validate the EAP-FAST server (ACS) certificate prior to the establishment of an EAP-FAST session.
This provides protection for the client devices from connection to an unknown or rogue EAP-FAST server and inadvertent submittal of their authentication credentials to an untrusted source. This does require that the ACS server have a certificate installed and the client also has the correspondent Root Certificate Authority certificate installed.
This tool is essentially used to generate basic and best practice configurations for the 9800 Controller. The basic configurations include Day 0 Config, Central and Local Webauth, Dot1x, PSK etc. The tool uses a GUI format to take input variables for the ...
The Workplace, Reimagined: Secure Network Solutions for Business Resiliency
Network Insider Live Webinar
Tuesday, August 18, 202010:00 am Pacific Time(San Francisco, GMT-08:00)
Where and how your employees work is changing—your workforce can...
Do you have hands-on experience with wireless network management?
If yes, please participate in this quick online survey. We'd like to understand your wireless network management and job roles that partake in this task. Your feedback will be reviewed a...
This event had place on Thursday 11, June 2020 at 10hrs PDT
In this session, the Cisco expert covered single image orchestration changes with the Cisco IOS XE Software Release 17.2.1r for Cisco IOS XE and Cisco IOS XE SD-WAN use cases. Duri...
This is a two-step process.
Step 1: Need to add the FlexConnect AP to a FlexConnect Group.Step 2: Need to configure a FlexConnect ACL (to specify the local traffic-of-interest), and map it to that FlexConnect Group.
For step 1----------As in the i...